Detection of Malicious Android Applications Based on Verification of Indicators of Compromise and Machine Learning Techniques
- Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (LNICST), pp. 182-196
Abstract
Android is the operating system with the largest share of the global smartphone market. Its popularity makes it an attractive target for malware because of the user data it holds. Despite the security measures deployed by Google and proposed by researchers to combat malicious applications, some still slip through the net. In this article, we propose a new approach to detecting Android malware that combines indicators of compromise, external APK analysis services, and machine learning. We start by compiling a database of indicators of compromise found in Android applications. The first step uses this database together with static analysis of an application to identify and extract indicators of compromise. The second step uses a machine learning technique to predict whether a given application is malware, using a binary vector of its requested permissions: each entry is 1 if the permission is present and 0 if it is absent. Detection based on indicators of compromise and the external APK analysis service flagged 20 malicious applications among 100 applications labelled benign on AndroZoo. In addition, the machine learning model, trained on a dataset of 2,935 malicious and 2,897 benign applications, reached a malicious application detection accuracy of 94%. This demonstrates the effectiveness of our approach in predicting malicious applications from their permissions.
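The two-step pipeline described above, as an added example that is not part of the original paper and not the authors' implementation: step 1 checks an APK's hash, package name and embedded host names against an indicator-of-compromise database, and step 2 turns the permissions requested in AndroidManifest.xml into a 0/1 vector and classifies it. The IoC entries, manifests, APK bytes and the training set are all constructed for the example, the permission vocabulary is a small hypothetical subset of Android's permissions, and a perceptron stands in for the SVM named in the keywords so that the script runs offline without scikit-learn.

```python
"""Added example: IoC verification + permission-vector classification for
Android apps. Illustrative code, not the paper's implementation. All IoC
values, manifests, APK bytes and labels below are constructed."""
import hashlib
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: a fixed permission vocabulary. A real system would use the full
# Android permission list; this subset keeps the example small.
PERMISSION_VOCAB = [
    "android.permission.INTERNET",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.READ_PHONE_STATE",
    "android.permission.CAMERA",
    "android.permission.VIBRATE",
]


def manifest(package, perms):
    """Build a minimal AndroidManifest.xml string (constructed test input)."""
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')


def parse_manifest(manifest_xml):
    """Return (package name, set of requested permissions) from a manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {n.get(ANDROID_NS + "name") for n in root.iter("uses-permission")}
    perms.discard(None)
    return root.get("package"), perms


def permission_vector(perms):
    """Binary feature vector: 1 if the permission is requested, else 0."""
    return [1 if p in perms else 0 for p in PERMISSION_VOCAB]


# Step 1: IoC verification against a constructed (hypothetical) IoC database.
KNOWN_BAD_APK = b"PK\x03\x04constructed-malicious-apk"
IOC_DB = {
    "sha256": {hashlib.sha256(KNOWN_BAD_APK).hexdigest()},
    "package": {"com.example.fakebank"},
    "hosts": {"c2.example.invalid"},
}


def ioc_matches(apk_bytes, manifest_xml, extracted_strings):
    """Static IoC check: file hash, package name and embedded host names."""
    hits = []
    digest = hashlib.sha256(apk_bytes).hexdigest()
    if digest in IOC_DB["sha256"]:
        hits.append("sha256:" + digest)
    package, _ = parse_manifest(manifest_xml)
    if package in IOC_DB["package"]:
        hits.append("package:" + package)
    hits += ["host:" + s for s in extracted_strings if s in IOC_DB["hosts"]]
    return hits


# Step 2: permission-vector classifier. Constructed training set, label 1 = malware.
TRAINING_SET = [
    ({"android.permission.SEND_SMS", "android.permission.READ_SMS",
      "android.permission.RECEIVE_SMS", "android.permission.RECEIVE_BOOT_COMPLETED",
      "android.permission.READ_PHONE_STATE", "android.permission.INTERNET"}, 1),
    ({"android.permission.INTERNET", "android.permission.VIBRATE"}, 0),
    ({"android.permission.SEND_SMS", "android.permission.READ_CONTACTS",
      "android.permission.INTERNET", "android.permission.READ_PHONE_STATE"}, 1),
    ({"android.permission.INTERNET", "android.permission.CAMERA",
      "android.permission.VIBRATE"}, 0),
    ({"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
      "android.permission.RECEIVE_BOOT_COMPLETED", "android.permission.INTERNET"}, 1),
    ({"android.permission.INTERNET", "android.permission.ACCESS_FINE_LOCATION"}, 0),
    ({"android.permission.SEND_SMS", "android.permission.ACCESS_FINE_LOCATION",
      "android.permission.READ_CONTACTS", "android.permission.RECEIVE_BOOT_COMPLETED"}, 1),
    ({"android.permission.CAMERA", "android.permission.ACCESS_FINE_LOCATION",
      "android.permission.VIBRATE"}, 0),
]


def train_perceptron(samples, epochs=10):
    """Perceptron on 0/1 permission vectors (stand-in for the paper's SVM)."""
    w, b = [0] * len(PERMISSION_VOCAB), 0
    for _ in range(epochs):
        mistakes = 0
        for perms, label in samples:
            x, y = permission_vector(perms), (1 if label == 1 else -1)
            score = sum(wi * xi for wi, xi in zip(w, x)) + b
            if (score > 0) != (y > 0):          # misclassified: update
                w = [wi + y * xi for wi, xi in zip(w, x)]
                b += y
                mistakes += 1
        if mistakes == 0:                       # converged on training data
            break
    return w, b


def predict(model, perms):
    """1 = predicted malware, 0 = predicted benign."""
    w, b = model
    x = permission_vector(perms)
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b > 0 else 0


def accuracy(model, samples):
    return sum(predict(model, p) == y for p, y in samples) / len(samples)


def scan(apk_bytes, manifest_xml, extracted_strings, model):
    """Run both steps and return the combined verdict."""
    _, perms = parse_manifest(manifest_xml)
    return {"ioc_hits": ioc_matches(apk_bytes, manifest_xml, extracted_strings),
            "ml_verdict": predict(model, perms)}


if __name__ == "__main__":
    m = train_perceptron(TRAINING_SET)
    bad = manifest("com.example.fakebank", ["android.permission.INTERNET",
                   "android.permission.SEND_SMS", "android.permission.READ_PHONE_STATE"])
    print(scan(KNOWN_BAD_APK, bad, ["c2.example.invalid"], m))
```

The `scan` result keeps the two signals separate on purpose: an IoC hit is a high-confidence indicator (hash, known package, C2 host), whereas the permission-vector verdict is a probabilistic prediction, and a triage workflow would weight them differently. Note that a permission vector alone cannot distinguish a legitimate SMS client from SMS-stealing malware, which is why the paper pairs it with the IoC step.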
Keywords
Android (operating system), Compromise, Support vector machine, Training set, Robustness (evolution)